The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NetApp SnapCenter Backup Management

vulnerability note CVE-2019-12384

jackson-databind: file reading via Polymorphic Typing JSON Message

Synthesis of the vulnerability

A local attacker can read a file by submitting a JSON message that abuses polymorphic typing in jackson-databind, in order to obtain sensitive information.
Impacted products: Debian, SnapCenter Backup Management, RHEL.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 24/06/2019.
Identifiers: CVE-2019-12384, DLA-1831-1, NTAP-20190703-0002, RHSA-2019:1820-01, RHSA-2019:2720-01, VIGILANCE-VUL-29604.


vulnerability CVE-2019-11358

jQuery Core: privilege escalation via Object.prototype Pollution

Synthesis of the vulnerability

An attacker can bypass restrictions via Object.prototype pollution in jQuery Core, in order to escalate privileges.
Impacted products: Debian, Drupal Core, eZ Platform, Fedora, jQuery Core, SnapCenter Backup Management, openSUSE Leap, Oracle Communications, WebLogic, RabbitMQ, Red Hat SSO, SLES, Synology DSM, Telerik.Web.UI.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Creation date: 11/04/2019.
Identifiers: cpujul2019, CVE-2019-11358, DLA-1797-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4460-1, EZSA-2019-005, FEDORA-2019-2a0ce0c58c, FEDORA-2019-a06dffab1c, FEDORA-2019-f563e66380, NTAP-20190919-0001, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, RHSA-2019:1456-01, Synology-SA-19:19, VIGILANCE-VUL-29030.


vulnerability announcement CVE-2018-1000632

dom4j: external XML entity injection via XML Injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data via XML Injection to dom4j, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: Debian, SnapCenter Backup Management, Snap Creator Framework, SnapManager, openSUSE Leap, JBoss EAP by Red Hat, Red Hat SSO, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 25/09/2018.
Identifiers: CVE-2018-1000632, DLA-1517-1, NTAP-20190530-0001, openSUSE-SU-2018:2931-1, openSUSE-SU-2018:3998-1, openSUSE-SU-2018:4045-1, RHSA-2019:0362-01, RHSA-2019:0364-01, RHSA-2019:0365-01, RHSA-2019:0380-01, RHSA-2019:1159-01, RHSA-2019:1160-01, RHSA-2019:1161-01, RHSA-2019:1162-01, SUSE-SU-2018:3424-1, SUSE-SU-2018:3908-1, VIGILANCE-VUL-27312.
